Configuring LDAP for Reporting

From the Data Warehouse portal, the Administrator can configure LDAP usage for Data Warehouse and Reporting.

Before you begin

You must log in to Insight as an Administrator to perform this task.

Steps

  1. Log in to the Data Warehouse Portal at https://hostname/dwh, where hostname is the name of the system on which OnCommand Insight Data Warehouse is installed.
  2. From the navigation pane on the left, click User Management.
  3. Click LDAP Configuration.
  4. Select Enable LDAP to start the LDAP user authentication and authorization process.
  5. Make whatever changes are necessary to configure LDAP.
    The majority of the fields contain default values. The default settings are valid for Active Directory.
    User principal name attribute
    Attribute that identifies each user in the LDAP server. Default is userPrincipalName, which is globally unique. OnCommand Insight attempts to match the contents of this attribute with the username that has been supplied above.
    Role attribute
    LDAP attribute that identifies the user's fit within the specified group. Default is memberOf.
    Mail attribute
    LDAP attribute that identifies the user's email address. Default is mail. This is useful if you want to subscribe to reports available from OnCommand Insight. Insight picks up the user's email address the first time each user logs in and does not look for it after that.
    Note: If the user's email address changes on the LDAP server, be sure to update it in Insight.
    Distinguished name attribute
    LDAP attribute that identifies the user's distinguished name. Default is distinguishedName.
    Referral
    Indicates whether to follow the path to other domains if there are multiple domains in the enterprise. You must always use the default follow setting.
    Timeout
    Length of time to wait for a response from the LDAP server before timing out, in milliseconds. Default is 2,000, which is adequate in all cases and should not be modified.
    LDAP servers
    IP address or DNS name that identifies the LDAP server. To specify a port, use the following format, where ldap-server-address is the name of the LDAP server:
    ldap://ldap-server-address:port
    To use the default port, you can use the following format:
    ldap://ldap-server-address
    Note: When entering multiple LDAP servers in this field, separate entries with a comma, and ensure that the correct port number is used in each entry.

    To import the LDAP certificates, click Import Certificates and automatically import or manually locate the certificate files.
    Domain
    LDAP node where OnCommand Insight should start looking for the LDAP user. Typically this is the top-level domain for the organization. For example:
    DC=<enterprise>,DC=com
    Insight server admins group
    LDAP group for users with Insight Server Administrator privileges. Default is insight.server.admins.
    Insight administrators group
    LDAP group for users with Insight Administrator privileges. Default is insight.admins.
    Insight users group
    LDAP group for users with Insight User privileges. Default is insight.users.
    Insight guests group
    LDAP group for users with Insight Guest privileges. Default is insight.guests.
    Reporting administrators group
    LDAP group for users with Insight Reporting administrator privileges. Default is insight.report.admins.
    Reporting pro authors group
    LDAP group for users with Insight Reporting pro authors privileges. Default is insight.report.proauthors.
    Reporting business authors group
    LDAP group for users with Insight Reporting business authors privileges. Default is insight.report.business.authors.
    Reporting business consumers group
    LDAP group for users with Insight Reporting business consumers privileges. Default is insight.report.business.consumers.
    Reporting recipients group
    LDAP group for users with Insight Reporting recipient privileges. Default is insight.report.recipients.
  6. Enter values in the Directory lookup user and Directory lookup user password fields if you made any changes.
    If you do not enter the revised values in these fields, your changes are not saved.
  7. Retype the directory lookup user password in the Confirm directory lookup user password field, and click Validate Password to validate the password on the server.
  8. Click Update to save the changes. Click Cancel to remove changes.
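
The following is an added example, not part of the original procedure or the product's own code: a Python audit that reports which directory users would hold administrator-level privileges through the default group names listed in step 5. The sample entries are constructed, and matching a group by the CN of each memberOf value (case-insensitively), as well as the choice of which privileges count as administrator-level, are assumptions of this example.

```python
import re

# Default group names from the field list in step 5, with the privilege each grants.
DEFAULT_GROUPS = {
    "insight.server.admins": "Insight Server Administrator",
    "insight.admins": "Insight Administrator",
    "insight.users": "Insight User",
    "insight.guests": "Insight Guest",
    "insight.report.admins": "Reporting administrator",
    "insight.report.proauthors": "Reporting pro author",
    "insight.report.business.authors": "Reporting business author",
    "insight.report.business.consumers": "Reporting business consumer",
    "insight.report.recipients": "Reporting recipient",
}
# Assumption of this example: the privileges treated as administrator-level.
ADMIN_LEVEL = {"Insight Server Administrator", "Insight Administrator", "Reporting administrator"}

def group_cn(dn):
    """Return the CN from the first RDN of a group DN (escaped commas honored), else None."""
    first_rdn = re.split(r"(?<!\\),", dn.strip(), maxsplit=1)[0]
    key, _, value = first_rdn.partition("=")
    return value.strip().replace("\\,", ",") if key.strip().upper() == "CN" else None

def privileges_for(member_of, groups=DEFAULT_GROUPS):
    """Map memberOf DNs to privileges. Assumption: groups match on CN, ignoring case."""
    lookup = {name.lower(): priv for name, priv in groups.items()}
    cns = (group_cn(dn) for dn in member_of)
    return sorted({lookup[cn.lower()] for cn in cns if cn and cn.lower() in lookup})

def audit(entries):
    """Return {userPrincipalName: privileges} for users with an administrator-level privilege."""
    report = {}
    for entry in entries:
        privs = privileges_for(entry.get("memberOf", []))
        if ADMIN_LEVEL & set(privs):
            report[entry["userPrincipalName"]] = privs
    return report

# Constructed sample entries using the default attribute names from step 5.
GROUPS_OU = "OU=Groups,DC=example,DC=com"
SAMPLE = [
    {"userPrincipalName": "alice@example.com", "memberOf": [f"CN=insight.server.admins,{GROUPS_OU}", f"CN=insight.report.recipients,{GROUPS_OU}"]},
    {"userPrincipalName": "bob@example.com", "memberOf": [f"CN=Insight.Users,{GROUPS_OU}"]},
    {"userPrincipalName": "carol@example.com", "memberOf": [f"CN=insight.report.admins,{GROUPS_OU}", "CN=Domain Users,CN=Users,DC=example,DC=com"]},
]

if __name__ == "__main__":
    for upn, privs in audit(SAMPLE).items():
        print(f"{upn}: {', '.join(privs)}")
```

If the group names were changed from their defaults in step 5, pass the revised mapping as the groups argument to privileges_for.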